A remote attacker could execute arbitrary commands on a client system when the client browses to a malicious web site hosted by the attacker.

Internet Explorer is missing critical patches which fix multiple vulnerabilities, the most critical of which could allow code execution with the privileges of the user when a user visits a malicious web site or opens an HTML e-mail message. In some cases no patch is used, and the user is instead required to upgrade the version of Internet Explorer to avoid the vulnerability. Specifically:
- 04/14/08
  Internet Explorer 8 has two vulnerabilities in Beta 1 (8.0.6001.17184): a persistent denial of service in the browser caused by prototype hijacking of the XDomainRequest object (the user must reboot the operating system to get rid of the problem), and multiple issues in the res:// protocol, including script injections.
- 10/25/04
  The Shell.Explorer ActiveX object allows window objects to read and write files on the local file system. In conjunction with other vulnerabilities, such as the drag and drop vulnerability mentioned below, this could allow command execution by a malicious web page or HTML e-mail message.

The following issues have not yet been patched:
- The vulnerabilities in IE 8, Beta 1
- The response splitting and smuggling related to setRequestHeader()
- The file focus stealing vulnerability
- The stack overflow vulnerability
- The document.open spoofing vulnerability

To use Internet Explorer securely, take the following steps:
- Install the appropriate cumulative patch for your version of Internet Explorer as outlined in Microsoft Security Bulletins 07-009, 07-061, 08-022, 08-032, 08-052, 10-002, 11-031, 12-063, 12-071, 12-077, 13-008, 13-010, 13-037, and 13-038.
- Fix the Security Zone Bypass vulnerability (CVE-2010-0255) as described in Microsoft Security Advisory (980088)
- Prevent WPAD proxy server interception as described in Microsoft Knowledge Base Article 934864
- Disable the Javaprxy.dll object
- Disable the ADODB.Stream object
- Disable the Shell.Explorer object

Instructions for disabling the ADODB.Stream object can be found in Microsoft Knowledge Base Article 870669.

To disable the Shell.Explorer object, set the following registry value:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}
    Compatibility Flags = 400 (type dword, radix hex)

To disable the Javaprxy.dll object, install the update referenced in Microsoft Security Bulletin 05-037.
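The Shell.Explorer registry change above as a script: an added PowerShell example, not part of the original page, that reports whether the Compatibility Flags kill bit is set and can apply it. The function names, the extra check of the WOW6432Node view read by 32-bit Internet Explorer on 64-bit Windows, and OR-ing the bit into any flags already present are assumptions beyond what the page states.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# Function names are hypothetical; CLSID and flag value are taken from the page.

$Clsid   = '{8856F961-340A-11D0-A96B-00C04FD705A2}'   # Shell.Explorer
$KillBit = 0x400                                       # Compatibility Flags = 400 (hex)
$Name    = 'Compatibility Flags'
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Assumption: also cover the 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present
        $key   = Join-Path $root $Clsid
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
            if ($item) { $flags = [int]$item.$Name }
        }
        [pscustomobject]@{
            Key      = $key
            Flags    = $flags
            FlagsHex = '0x{0:X}' -f $flags
            Disabled = [bool]($flags -band $KillBit)   # true only if bit 0x400 is set
        }
    }
}

function Set-KillBit {
    foreach ($state in Get-KillBitState) {
        if ($state.Disabled) { continue }              # already disabled, nothing to do
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # OR the bit in so other compatibility flags on the key are preserved
        $new = $state.Flags -bor $KillBit
        New-ItemProperty -LiteralPath $state.Key -Name $Name `
            -PropertyType DWord -Value $new -Force | Out-Null
    }
}

# Audit first; apply only after reviewing the output.
Get-KillBitState | Format-Table Key, FlagsHex, Disabled -AutoSize
# Set-KillBit
# Get-KillBitState | Format-Table Key, FlagsHex, Disabled -AutoSize
```

Internet Explorer must be restarted before it picks up the changed value.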
For more information on all Internet Explorer security fixes, see the Internet Explorer Critical Updates page.

For more information on specific vulnerabilities, see Microsoft Security Bulletins 03-004, 03-015, 03-020, 03-032, 03-040, 03-048, 04-004, 04-025, 04-038, 04-040, 05-014, 05-020, 05-025, 05-037, 05-038, 05-052, 05-054, 06-004, 06-013, 06-021, 06-023, 06-042, 06-055, 06-067, 06-072, 07-004, 07-009, 07-016, 07-027, 07-033, 07-045, 07-050, 07-057, 07-061, 07-069, 08-010, 08-022, 08-023, 08-024, 08-031, 08-032, 08-045, 08-052, 08-058, 08-073, 08-078, 09-002, 09-014, 09-019, 09-034, 09-045, 09-054, 09-072, 10-002, 10-018, 10-035, 10-053, 10-071, 10-090, 11-003, 11-018, 11-031, 11-052, 11-050, 11-057, 11-081, 11-099, 12-010, 12-023, 12-037, 12-044, 12-052, 12-063, 12-071, 12-077, 13-008, 13-009, 13-010, 13-021, 13-028, 13-037, and 13-038.

Also see CERT advisories CA-2003-22, TA04-033A, TA04-163A, TA04-212A, TA04-293A, TA04-315A, TA04-336A, TA05-165A, TA05-221A, and US-CERT Vulnerability Note VU#378604.

The IE 8, Beta 1 vulnerabilities were reported in Bugtraq ID 28580 and Bugtraq ID 28581.

Unfixed variants of the drag and drop vulnerability and the Shell.Explorer object were discussed in NTBugtraq and Full Disclosure.